WordPress Gallery PhotoBlocks plugin <= 1.2.7 - Cross-Site Request Forgery (CSRF) vulnerabilities

Cross-Site Request Forgery CSRF vulnerabilities leading to Gallery Delete / Copy discovered by Ngo Van Thien Patchstack Alliance in WordPress Gallery PhotoBlocks plugin versions = 1.2.7. Solution Deactivate and delete. This plugin has been closed as of August 10, 2022 and is not available for...

WordPress Gallery PhotoBlocks plugin <= 1.2.6 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities were discovered by Ngo Van Thien Patchstack Alliance in the WordPress Gallery PhotoBlocks plugin versions = 1.2.6. Solution Deactivate and delete. This plugin has been closed as of August 10, 2022 and is not available for...

WordPress amCharts: Charts and Maps plugin <= 1.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress amCharts: Charts and Maps plugin versions = 1.4. Solution Update the WordPress amCharts: Charts and Maps plugin to the latest available version at least 1.4.1...

WordPress Contest Gallery plugin <= 17.0.4 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by Nguy Minh Tuan Patchstack Alliance in WordPress Contest Gallery plugin versions = 17.0.4. Solution Update the WordPress Contest Gallery plugin to the latest available version at least 17.0.5...

WordPress WP Hotel Booking plugin <= 1.10.5 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by Ngo Van Thien Patchstack Alliance in the WordPress WP Hotel Booking plugin versions = 1.10.5. Solution Update the WordPress WP Hotel Booking plugin to the latest available version at least 1.10.6...

WordPress Download Manager plugin <= 3.2.48 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to template status change discovered by Muhammad Daffa Patchstack Alliance in WordPress Download Manager plugin versions = 3.2.48. Solution Update the WordPress Download Manager plugin to the latest available version at least 3.2.49...

WordPress ActiveDEMAND plugin <= 0.2.27 - Broken Authentication vulnerability

Broken Authentication vulnerability leading to unauthenticated post update/create/delete discovered by Tien Nguyen Anh Patchstack Alliance in WordPress ActiveDEMAND plugin versions = 0.2.27. Solution Update the WordPress ActiveDEMAND plugin to the latest available version at least 0.2.28...

WordPress Button Plugin MaxButtons plugin <= 9.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Muhammad Daffa Patchstack Alliance in WordPress Button Plugin MaxButtons plugin versions = 9.2. Solution Update the WordPress MaxButtons plugin to the latest available version at least 9.3...

WordPress Rich Reviews by Starfish plugin <= 1.9.14 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to review deletion discovered by Ngo Van Thien Patchstack Alliance in WordPress Rich Reviews by Starfish plugin versions = 1.9.14. Solution No patched version available...

WordPress MaxButtons plugin <= 9.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery CSRF vulnerabilities were discovered by Muhammad Daffa Patchstack Alliance in WordPress MaxButtons plugin versions = 9.2. Solution Update the WordPress MaxButtons plugin to the latest available version at least 9.3...

WordPress Enable SVG, WebP & ICO Upload plugin <= 1.0.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability via malicious SVG file upload discovered by Kim Jong Min aka Universe Patchstack Alliance in WordPress Enable SVG, WebP & ICO Upload plugin versions = 1.0.3. Solution No patched version available...

WordPress MailerLite – Signup forms (official) plugin <= 1.5.7 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to API key change discovered by Muhammad Daffa Patchstack Alliance in WordPress MailerLite – Signup forms official plugin versions = 1.5.7. Solution Update the WordPress MailerLite – Signup forms plugin to the latest available version at least...

WordPress Enable SVG, WebP & ICO Upload plugin <= 1.0.3 - Authenticated Arbitrary File Upload vulnerability

Authenticated Arbitrary File Upload vulnerability discovered by Kim Jong Min aka Universe Patchstack Alliance in WordPress Enable SVG, WebP & ICO Upload plugin versions = 1.0.3. Solution No patched version available...

WordPress Floating Div plugin <= 3.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Floating Div plugin versions = 3.0. Solution No patched version available...

WordPress BxSlider WP plugin <= 2.0.0 - Authenticated Cross-Site Scripting (XSS) vulnerability

Authenticated Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress BxSlider WP plugin versions = 2.0.0. Solution No patched version is available...

WordPress GS Testimonial Slider plugin <= 1.9.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Tien Nguyen Anh Patchstack Alliance in WordPress GS Testimonial Slider plugin versions = 1.9.5. Solution Update the WordPress GS Testimonial Slider plugin to the latest available version at least 1.9.6...

WordPress Team plugin <= 1.2.6 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities were discovered by Ngo Van Thien Patchstack Alliance in the WordPress Team plugin versions = 1.2.6. Solution Deactivate and delete. This plugin has been closed as of May 3, 2022 and is not available for download. Reason:...

WordPress Testimonials plugin <= 3.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Testimonials plugin versions = 3.0.1. Solution No patched version is available. No way to contact the vendor...

WordPress Homepage Product Organizer for WooCommerce plugin <= 1.1 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities

Multiple Authenticated SQL Injection SQLi vulnerabilities were discovered by Lenon Leite Patchstack Alliance in the WordPress Homepage Product Organizer for WooCommerce plugin versions = 1.1. Solution No patched version is available. We were unable to contact the vendor...

WordPress GiveWP plugin <= 2.20.2 - Authenticated Arbitrary File Read via Export function vulnerability

Authenticated Arbitrary File Read via Export function vulnerability discovered by Rafie Muhammad aka Yeraisci Patchstack Alliance in WordPress GiveWP plugin versions = 2.20.2. Solution Update the WordPress GiveWP plugin to the latest available version at least 2.21.0...